Authentication Request Boilerplate w/ Q&A
Project Title?
Primo VE SAML/SSO Implementation
Project Goals?
Enable Shib SSO authentication for Ex Libris Primo VE integrated library discovery layer. Secure and seamless login mechanisms are essential to discovering, evaluating and using library services and resources used by students, faculty, and staff. This implementation is a required initiative related to the Unified Library Management System (ULMS), the shared platform to support the collaborative management and delivery of library resources across the CSU.
Project Background/Context
All 23 CSU Libraries transitioned to Ex Libris products for shared systems management in early 2016 and are currently utilizing a discovery layer (Primo New UI) from the same vendor. Both the Alma resource management system and Primo (branded as OneSearch) discovery layer represent a huge investment and are currently the main gateway to locate access, and request Library materials both print, electronic, and items owned by other CSUs. The ULMS Discovery Committee has asked campuses to evaluate the potential benefits and tradeoffs of transition from the siloed Primo New UI interface to the Primo VE interface which is integrated with the existing Alma platform.
Sponsoring Division
[your library]
Project Sponsor
Brandon Dudley, Project Director, Unified Library Management System
Project Service Population
Students, faculty, and staff
Technical Contact
[your info]
New SSO/Modification to existing SSO
Modification to existing SSO
Web Application(Saas) or other
Web Application
Environments
Production
Opportunity Statement
Shib SSO authentication for Primo VE must be completed as soon as possible due to a shared evaluation of this product by the Council of Library Deans’ ULMS Discovery Committee.
https://calstate.atlassian.net/wiki/spaces/UPVE/pages/1741783210
The Chancellor's Office will be sending out detailed instructions to the campus identity management teams regarding specific configurations to support authentication in VE.
*Special considerations for implementation:
Must be completed before Feb 23, 2021. This implementation is an extension of a previously completed setup request for already established authentication to the existing suite of Ex Libris products, Alma and Primo New UI back-office.
How and where will this product or service be used?
Primo VE is an enhancement to the Library's management tool Alma the improves the search and discovery functionality of our current Primo system. This is accomplished by adding comparable functionality to the Alma system that would replace the standalone Primo system for searching and using library materials. The chancellor's office has asked all campuses to test Primo VE to test all aspects of the migration process. The first step in our evaluation of the setup is to configure SAML authentication. We currently use Shibboleth authentication for both Alma and Primo, however, Primo VE uses a separate URL to access the search interface. This allows institutions to run a production Primo instance and a new Primo VE instance in parallel. In order for us to test the SAML integration with Primo VE we will need a new SP added to our existing Alma IDP data. According to Ex Libris:
"On your SAML IDP, you need to add the Primo VE SP. If there is already an entry for the Alma SP, the new Primo VE entry should have the same metadata (but the word ‘alma’ must be changed to primo in the entityID, assertion consumer service, and the logout endpoint) and configurations (release the same attributes)."
What (if any) alternative products or services were considered?
We currently use a standalone Primo server for search and discovery of library material. We are trying to evaluate if Primo VE is a better option.
Why does this product or service best meet your business needs?
It improves management of library discovery services by moving the functionality into an existing software.
Vendor documentation
Documentation from the Chancellor's Office Identity Management group:
Documentation from Ex Libirs:
https://developers.exlibrisgroup.com/alma/integrations/user-management/authentication/inst_idp/saml/
Additional comments
We are trying to evaluate this product to determine if it will work for all 23 campuses. We need to test all aspects of the setup to better assist the chancellor's office with the decision making process.